Analysis
max time kernel: 4294180s
max time network: 122s
platform: windows7_x64
resource: win7-20220223-en
submitted: 01/03/2022, 07:35
Static task: static1

Behavioral task: behavioral1
Sample: sample.exe
Resource: win7-20220223-en
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: sample.exe
Resource: win10v2004-en-20220113
0 signatures
0 seconds
General
Target: sample.exe
Size: 141KB
MD5: 1c2af6c5e1b8b87189b5da7bd3cefe30
SHA1: 6881acb4f1401f0db02bbebe82e2381a0b7c447d
SHA256: cf0705a3e4f3690e28184eb019a4940e7291ce5b3d52747ff80b72e90922a89b
SHA512: 1f391111cbeb12f892c272076111a8317b98c9eda4bbf12eefb7a47bcc1a327b43310739a301718b700dc2ce28339b00533f2c9eda1f06ffff21f30d69ce6362
Score: 3/10
Malware Config
Signatures

Program crash (1 IoC)
  pid   pid_target   Process        procid_target
  764   1476         WerFault.exe   26

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   Process
  764   WerFault.exe
  764   WerFault.exe
  764   WerFault.exe
  764   WerFault.exe

Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description                pid    Process
  Token: SeDebugPrivilege    1476   sample.exe
  Token: SeDebugPrivilege    764    WerFault.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                         pid    Process      procid_target
  PID 1476 wrote to memory of 764     1476   sample.exe   28
  PID 1476 wrote to memory of 764     1476   sample.exe   28
  PID 1476 wrote to memory of 764     1476   sample.exe   28
Processes

1. C:\Users\Admin\AppData\Local\Temp\sample.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\sample.exe"
   PID: 1476
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\system32\WerFault.exe (child of PID 1476)
      Command line: C:\Windows\system32\WerFault.exe -u -p 1476 -s 612
      PID: 764
      - Program crash
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken